b'   CONTINUITY OF OPERATIONS\n          PLANNING\n\n                     EXECUTIVE SUMMARY\nAt the present Chairman\xe2\x80\x99s urging, we reviewed the Commission\xe2\x80\x99s preparations for\nresponding to contingencies that could affect the Commission\xe2\x80\x99s operations or\nsecurities markets including natural or man-made disasters, operational difficulties,\nand market volatility.\nDuring our audit, Commission staff were updating the Commission\xe2\x80\x99s draft\nContinuity of Operations (COOP) Plan and working on several continuity-related\ninitiatives to enhance the Commission\xe2\x80\x99s ability to prepare for and respond to\nemergencies. The incoming Chairman hired a full-time senior staff member to\ncoordinate these efforts from the Office of the Chairman (OC). We commend the\nChairman and the Commission for their significant efforts to strengthen the\nCommission\xe2\x80\x99s continuity planning.\nConsistent with these efforts, we are making several recommendations including\ndesignating a permanent COOP coordinator, ensuring adequate COOP staffing,\nmaking enhancements to the Market Watch rooms, testing backup generators,\ntraining Commission essential staff, redirecting phone lines so staff can be contacted\nmore efficiently at alternate locations, and enhancing the Commission\xe2\x80\x99s Occupant\nEmergency Plans (OEP).\nWe discussed our preliminary observations with a number of Commission officials\nthroughout the audit. In many instances, we found that they were already aware of\nand performing a considerable amount of work that needed to be done. As a result,\nseveral of the report\xe2\x80\x99s recommendations refer to work in progress, while others refer to\ntasks that still need to be addressed.\n\n\n\n                  OBJECTIVES AND SCOPE\nOur objectives were to determine if improvements were needed in the Commission\xe2\x80\x99s\ncontingency planning efforts and Occupant Emergency Plans (OEP). The audit was\ninitiated soon after the incoming Chairman requested that the audit be conducted as\nquickly as possible so its results could help guide the development of the final\nContinuity of Operations (COOP) Plan.\nDuring the audit, we interviewed Commission staff, reviewed the draft written\nCOOP plan and other available documentation, and observed operations in the\n\x0c                                                                                        2\n\n\nCommission\xe2\x80\x99s MarketWatch room and backup Market Watch room. We also\nreviewed COOP staffing levels, redundant communications, COOP planned training,\ntesting of equipment, and backup of vital records, and assessed COOP needs.\nWe also held discussions with officials at the Federal Reserve Board (FRB), the\nFederal Communications Commission, the Federal Deposit Insurance Corporation\n(FDIC), the Commodities Futures Trading Commission (CFTC) and the\nTransportation Security Agency to learn about their COOP plans and possible best\npractices. We did not conduct detailed audit testing to confirm the\ncomprehensiveness and resiliency of OIT\xe2\x80\x99s backup of electronic data.\nThe audit was performed from October 2005 to March 2006 in accordance with\ngenerally accepted government auditing standards.\n\n\n\n                            BACKGROUND\nThe Commission\xe2\x80\x99s COOP plan is designed to ensure the continued performance of\nessential Commission functions during and after an emergency, disaster or other\ndisruption of normal business operations. COOP is defined as the activities of\nindividual departments and agencies and their sub-components to ensure that their\nessential functions will be performed in the event of a disruption. These activities\ninclude plans and procedures that delineate essential functions, specify lines of\nsuccession and the emergency delegation of authority, provide for the safekeeping of\nvital records and databases, identify alternate operating facilities, provide for\ninteroperable communications and validate capability through tests, training and\nexercises.\nFederal Preparedness Circular 65 (FPC 65), issued by the Federal Emergency\nManagement Agency (FEMA), provides guidance to Federal agencies for developing\nviable and executable contingency plans for the continuity of operations.\nApproximately 280 Commission staff have been designated by their division and\noffice heads as \xe2\x80\x9cessential.\xe2\x80\x9d These employees are expected to be able to implement a\ncontingency plan and/or be available to carry out essential operations during a\nCOOP event. Such staff may be required to work from an alternate location.\nThe Commission\xe2\x80\x99s Occupant Emergency Plans (OEP) provide for the evacuation or\nshelter-in-place of Commission employees. Activities under the OEP may precede a\nCOOP event.\n\n\n\n                           AUDIT RESULTS\nAt the initiation of the audit, COOP efforts were languishing. There was no central\nCOOP coordinator, and the written COOP plan had never been finalized and was\noutdated. However, the incoming Chairman was dedicated to enhancing the\nCommission\xe2\x80\x99s COOP status. In December 2005, the Chairman hired a full-time\nsenior staff person to coordinate the agency\xe2\x80\x99s overall continuity efforts and provide\nguidance on the Commission\xe2\x80\x99s COOP plan and its implementation.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                            APRIL 21, 2006\n\x0c                                                                                                  3\n\n\nReflecting the new Chairman\xe2\x80\x99s priority interest in continuity-related matters, the\nCommission made a number of COOP-related enhancements during the audit. For\nexample, the Commission updated its written COOP plan (although it was still\ndesignated a \xe2\x80\x9cdraft\xe2\x80\x9d at the completion of the audit field work), 1 engaged in a multi-\nagency training exercise, trained staff to access the Commission\xe2\x80\x99s network\napplications from remote locations, worked toward enhancing communication\nsystems to ensure redundancy, and made arrangements with other agencies to\nprocure temporary space for the Chairman, Commissioners, and limited staff in the\nevent that the Commission\xe2\x80\x99s headquarters building (Station Place) becomes\nuninhabitable.\nThe Commission\xe2\x80\x99s written COOP plan generally complied with the guidance in FPC\n65, with some exceptions relating to vital records backup and tests and training, as\ndescribed below. OEPs at headquarters and the field offices varied by office and\nsome needed improvements.\nAs a result of the Commission\xe2\x80\x99s significant efforts to strengthen its COOP program,\nseveral of this report\xe2\x80\x99s findings summarize work in progress while others discuss\ntasks that still need to be performed.\n\n\nCOOP STAFFING AND OPERATIONS\nPermanent Coordinator\nThe Executive Director has overall responsibility for COOP, but he has numerous\nother responsibilities. 2\nThe Office of the Chairman (OC) hired a senior employee in December 2005 to\noversee the development and implementation of the Chairman\xe2\x80\x99s overall continuity\nassurance effort (both internal, including COOP, and external). This person\ncurrently works full-time on continuity-related matters, but once the COOP plan is\nfinalized and COOP policies and training are in place, this person may have\nsubstantially less direct involvement with the COOP plan.\nAfter the draft plan is finalized, much ongoing work will remain such as updating\nthe plan, training staff, tracking new and departing staff, carrying out mock\nexercises, ensuring policies are followed, testing equipment, and staying abreast of\nthe type of threats that could trigger the implementation of a COOP event.\nThe Commission does not currently have a permanent, full-time COOP coordinator.\nWithout a permanent COOP coordinator, the Commission faces the risk that COOP\nefforts could languish, as they did in the past.\n\n\n\n\n1\n  As stated in the \xe2\x80\x9cObjectives and Scope\xe2\x80\x9d section above, the Chairman requested that this audit\nbe conducted as quickly as possible, so that its results could help guide the development of the\nfinal COOP plan.\n2\n  The Office of the Executive Director supervises the Office of Administrative Services, the Office\nof Filings and Information Services, the Office of Financial Management and the Office of Human\nResources.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                                       APRIL 21, 2006\n\x0c                                                                                          4\n\n\n       Recommendation A\n       The Office of the Executive Director, in consultation with the OC, should\n       designate a qualified COOP coordinator within OED, and ensure that the\n       position remains filled.\nStaffing\nThe Office of Administrative Services (OAS) has three staff members currently\nassigned to update the COOP plan and ensure continuity of essential operations in a\ncontingency. Two of these employees currently devote most of their time to COOP,\nand the third devotes up to half of his time to COOP activities. In the future,\nhowever, only one OAS staff member expects to be able to continue to devote a\nsignificant portion of his time to COOP.\nStaff in Market Regulation (MR) work on continuity-related initiatives, focusing on\nhow a COOP event could affect the markets. Staff in other divisions and offices have\nbeen assigned continuity-related duties, in addition to their regular duties.\nWhile many staff dedicate a portion of their time to continuity-related initiatives,\nthe Commission lacks a core of trained people whose primary function is to support\nCOOP initiatives and operations. Other financial regulators such as the FRB,\nTreasury, and FDIC have trained staff, who are primarily responsible for carrying\nout COOP operations.\nWithout additional trained staff whose primary focus is continuity planning, COOP\ninitiatives could languish.\n\n\n       Recommendation B\n       The OED, in consultation with the OC, should determine its permanent\n       COOP staffing needs and ensure adequate COOP staffing. In doing this, the\n       OED and OC should consider adding permanent COOP responsibilities to the\n       responsibilities of certain existing Commission staff.\nOperations\nThe Chairman\xe2\x80\x99s office is generally a policy-setting and oversight office for the entire\nrange of Commission components and activities. Recognizing this, the Chairman\xe2\x80\x99s\noffice has considered the need to clarify which staff organization is best suited to\nadminister COOP activities in the future, and subject to what reporting structure.\nIn considering what organization should be responsible for COOP activities in the\nfuture, the Chairman has a variety of reasonable options from which to choose,\nincluding leaving the responsibility with OAS, which is responsible for the\nCommission\xe2\x80\x99s security operations, and running the program directly from the OED.\n\n\n       Recommendation C\n       The Chairman should determine which division or office should have primary\n       responsibility for COOP internal continuity activities and determine\n       appropriate reporting lines, where those lines are not already clearly\n       established.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                             APRIL 21, 2006\n\x0c                                                                                           5\n\n\nCOMMAND CENTER AND SCIF\n\nSome Commission staff have expressed the opinion that a Command Center is\nneeded. The Command Center would serve as an alternate location for the\nCommission\xe2\x80\x99s senior leadership to work and convene in the event they had to\nevacuate their offices, but did not have to evacuate the headquarters building. A\nCommand Center should be on a floor where the senior leadership would choose to\nbe during a crisis, but away from outside windows. It should be configured with a\nredundant suite of communications equipment necessary to link the Commission\xe2\x80\x99s\nsenior leadership with that of its peer agencies, staff, and private sector entities\nunder highly stressed operating conditions. A Command Center could consist of one\nor more rooms, perhaps including an interior room for the Chairman and a few key\nstaff, with an adjoining room for additional members of the Chairman\xe2\x80\x99s crisis team.\nThere are no particular security standards applicable to the construction of a\nCommand Center.\nSome Commission staff have also expressed the view that the Commission needs a\nSensitive Compartmented Information Facility (SCIF). A SCIF is a secure room in\nwhich all levels of classified and compartmented information may be received,\nstored, and discussed. SCIFs are built to externally imposed national security\nstandards and are not available for general use. Staff with the appropriate national\nsecurity clearance could, for example, use a SCIF as a place to analyze classified\ninformation they needed to know in order to meet their official responsibilities. A\nSCIF could be built adjacent to the Command Center to ensure that those working\nin the Command Center had a convenient place to receive and discuss classified\ninformation. A SCIF could, but need not, be equipped to receive classified reports\ndisseminated electronically directly from agencies such as the Central Intelligence\nAgency and Federal Bureau of Investigation.\nSome staff said that having a SCIF would better ensure that the Chairman received\ntimely and accurate information to make well-informed decisions in an emergency.\nFor example, if an incident occurred near the Station Place building, the Chairman\nwould need to learn about it as quickly as possible, in order to facilitate decisions\nregarding whether to send staff home, relocate staff, or shelter-in-place. It would be\nmost appropriate and convenient to receive briefings and conduct discussions of all\nrelevant information, including classified information, in a SCIF. (Note, however,\nthat it seems very unlikely that, under crisis conditions, an intelligence agency\nwould decline to provide the Chairman with all the pertinent information relevant to\nhis responsibilities merely because the Commission lacked a SCIF.) Other financial\nregulators, such as the FRB, FDIC, and CFTC, already have SCIFs.\nEstablishing a SCIF is an extremely costly endeavor. Given the expense, we\ndiscussed with Commission staff whether it would be sufficient to agree to share the\nSCIF of another government agency within walking distance of the Commission\xe2\x80\x99s\nheadquarters building in the event of an emergency. 3 This would give the Chairman\nand Commission the benefit of a SCIF without incurring its cost.\n\n3\n The Commission has entered into agreements with at least one other agency to use office\nspace including, as necessary, the agency\xe2\x80\x99s SCIF in the event that Station Place must be\nevacuated.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                                  APRIL 21, 2006\n\x0c                                                                                         6\n\n\nThe need for a Command Center and/or SCIF needs to be carefully evaluated. The\nevaluation needs to consider how these additions could help the Chairman make\nbetter decisions during a crisis and whether it would be likely to improve\nsignificantly the types of information to which the Chairman would have access\n(note, the Commission already has secure telephone and facsimile lines).\n       Recommendation D\n       The Chairman should decide whether the Commission needs a Command\n       Center, SCIF, or both, weighing the likely cost of each against the enhanced\n       capability it could provide under crisis conditions not requiring evacuation of\n       the headquarters building.\n\n\nMARKET WATCH ROOM ENHANCEMENTS\n\nThe following enhancements, some of which are underway, are needed in the Market\nWatch room(s):\n   \xe2\x80\xa2   The Market Watch rooms in Station Place and the Operations Center should\n       enable staff to videoconference with other entities, such as the bank\n       regulatory agencies, Self Regulatory Organizations, Congress, the White\n       House, and other Federal government agencies. Videoconferencing is\n       important because in an emergency situation, it is helpful to see decision\n       makers\xe2\x80\x99 body language and reactions. Videoconferencing capability could be\n       set up on an existing computer monitor. OIT is working with MR on this\n       task.\n   \xe2\x80\xa2   The Market Watch rooms in Station Place and the Operations Center\n       currently broadcast television news channels through satellite. If a satellite\n       is down, there is no backup. OIT is working to install cable as a backup for\n       Station Place and the Operations Center.\n   \xe2\x80\xa2   Market watch room staff record television broadcasts on video-cassette tapes.\n       MR is considering using more advanced technology, such as digital video\n       recorders that have the ability to record onto DVDs (e.g., TiVo). This is more\n       flexible and takes up less space than videos. If information is recorded onto a\n       DVD, it could be loaded onto any Commission desktop computer. OIT is\n       working with MR on this task.\n   \xe2\x80\xa2   The doors to the Commission\xe2\x80\x99s Station Place Market Watch Room should\n       contain a lock because the room contains sensitive information such as the\n       Commission\xe2\x80\x99s Red Book, a laptop computer and cell phones. These materials\n       are stored in a locked, mobile filing cabinet. However, it would still be useful\n       to lock the MarketWatch room doors at the close of business. MR should\n       ensure that OAS installs a door lock.\n   \xe2\x80\xa2   If eligible, the hoot-n-holler phones in the Market Watch rooms (Station Place\n       and Operations Center) should be registered for priority repair service\n       (Telecommunications Service Priority or TSP). Phone lines registered as TSP\n       receive a higher priority for repair than unregistered lines. OIT is\n       responsible for completing this task.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                             APRIL 21, 2006\n\x0c                                                                                      7\n\n\n          Recommendation E\n          OIT and OAS, in consultation with OED and MR, should complete the above\n          enhancements as quickly as possible.\n\n\nCUSTOM REDIRECT\n\nIn the event that staff work at an alternative location such as the Operations\nCenter, their homes, or any Commission backup site, it would be useful to redirect\nphone lines to the new locations, so an employee\xe2\x80\x99s line will ring at the alternate\nlocation.\nOIT is currently working with a phone company on this task. The objective of their\nefforts is to implement a redirection program that ensures that no call will go\nunanswered even during emergency operations from an alternate site. To meet that\nobjective, OIT is making sure that all operating division and office phones will be\nredirected to ring on at least one line at the alternate site during any crisis\nevacuation. In addition, the office phones of staff who are working from home\nduring such an emergency will be redirected to ring at their homes.\nThe OC and OED should continue to provide guidance to OIT regarding emergency\nredirection of incoming calls during evacuation emergencies.\n          Recommendation F\n          OIT, in consultation with the OED and the OC, should continue to implement\n          the custom redirect feature.\n\n\nTESTING\n\nBackup Generator\nStation Place buildings 1 and 2 each have two backup generators. One of each\nbuilding\xe2\x80\x99s generators backs up designated systems (desktop computers, fax\nmachines, Bloomberg, Reuters, Telerate, etc.) such as those in the Market Watch\nroom, the Chairman\xe2\x80\x99s Office and the Commissioners\xe2\x80\x99 offices. The other two\ngenerators back up life and safety equipment, such as elevators, emergency exit\nlights, and fire pumps. The generators should enable these systems and equipment\nto function despite a failure of utility power.\nAll four generators are tested every Saturday by the building engineers. 4 Testing\nconsists of running each generator for 30 minutes. During testing, systems are\npowered by generator instead of utility power, but the utility power is not turned off.\nCommission staff have not observed the backed up systems and equipment during a\nswitch from utility power to generator power and, therefore, have not confirmed:\n              \xe2\x80\xa2   Which systems and equipment are in fact backed up by generator; and\n\n\n4\n    The building engineers are employed by the building\xe2\x80\x99s owners.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                            APRIL 21, 2006\n\x0c                                                                                                8\n\n\n              \xe2\x80\xa2   Whether these systems and equipment could continue to operate,\n                  without interruption, in the event of a utility power failure.\nA more effective test would include turning off utility power, as this would better\nreplicate a real life situation. According to the building engineers, turning off utility\npower is only recommended once a year to avoid wear and tear on the components\nthat allow for switching between generator and utility power.\nDuring the audit, plans for testing the generators were underway.\n          Recommendation G\n          OAS, in coordination, as necessary, with OIT, MR, the OC and the building\n          engineers, should confirm that backed-up systems in the Station Place\n          Market Watch room and the Chairman\xe2\x80\x99s and Commissioners\xe2\x80\x99 offices function\n          without interruption when power is switched from utility to generator power.\n          This test should be performed annually with utility power off. 5\n          Recommendation H\n          OAS, in coordination with OIT and the building engineers, should ensure\n          that life and safety equipment, such as elevators, emergency exit lights, and\n          fire pumps, are adequately backed up. To do this, Commission staff should\n          confirm that the equipment functions without interruption during testing.\n          This test should be performed annually with utility power off. 6\nAdditional Backups\nDesktop computers and systems outside the OC and Market Watch rooms are not\nbacked up by generator. It could be useful if the systems of other essential staff\nwere backed up by generator.\n          Recommendation I\n          OAS, in consultation with the OC and OED, should determine which\n          additional Commission staff\xe2\x80\x99s desktop computers and other systems, if any,\n          should be backed up by generator power. If it is determined that additional\n          systems should be backed up, then the ED\xe2\x80\x99s office, including OAS, should\n          work with OIT on this task.\nEquipment\nEssential Commission staff typically have some combination of Commission-issued\ncell phones, walkie talkies, Blackberries, Government Emergency\nTelecommunications Service (GETS) cards, secure phones and fax machines and\ncomputers to access the Commission\xe2\x80\x99s network drives remotely.\nDuring an emergency situation, COOP essential staff may need to work from home\nor a backup site. Such situations would require increased reliance on using the\nabove equipment.\nWhile MR staff periodically test equipment such as walkie talkies, the Commission\ndoes not have a testing program to ensure staff periodically test their\n\n5\n    The remaining weekly tests should continue to be conducted with utility power on.\n6\n    The remaining weekly tests should continue to be conducted with utility power on.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                                       APRIL 21, 2006\n\x0c                                                                                                9\n\n\ncommunications equipment. Additionally, with the significant exception of CITRIX 7\ntraining for teleworking, there is no training program to ensure essential staff know\nhow to use the equipment.\n       Recommendation J\n       OIT, in consultation with OED and the OC, should establish a policy for\n       routine testing of communications and electronic equipment and for training\n       essential staff on the use of this equipment. OED, in consultation with OIT\n       and OC, should consider asking division and office heads to have certain\n       essential staff work periodically from a remote location using such\n       equipment. A means should be developed to ensure that those staff\n       designated \xe2\x80\x9cessential\xe2\x80\x9d for emergencies periodically test their equipment (e.g.,\n       through a signed self-certification, hands-on training, and/or electronic\n       tracking of usage by OIT). Test results should be documented.\n\n\nVITAL RECORDS\n\nFPC 65 states that agencies must have procedures for protecting and updating vital\nrecords and that: \xe2\x80\x9cTo the extent possible, agencies should pre-position and update on\na regular basis duplicate records or back-up electronic files.\xe2\x80\x9d 8\nThe Commission identified hundreds of vital records that are needed to carry out\nessential functions during a COOP event. Such records constitute hard copy\ndocuments, electronic documents and electronic systems.\nSome vital records, such as employee official personnel folders, phone logs,\ncorrespondence logs, no-action positions, hardship exemptions, Enforcement case\ndocuments (primarily at the field offices), 8(b) requests, and paper filings are in hard\ncopy only and are not backed up. OIT backs up electronic records. 9\nThe Office of Filings and Information Services (OFIS) is responsible for all official\nCommission records (many of which are vital records). 10 OFIS does not have a\nlisting of the Commission\xe2\x80\x99s vital records or ensure they are backed up. Some\nCommission divisions and offices may not be aware that they need to notify OFIS of\ntheir vital records.\n       Recommendation K\n       Within 90 days of this report\xe2\x80\x99s issuance, OFIS should obtain a listing of each\n       division and office\xe2\x80\x99s vital records and should, in consultation with other OED\n       offices and OIT, work with each division and office to ensure that vital\n       records are routinely backed up and sent off-site, as appropriate.\n\n7\n  CITRIX enables Commission staff to access Commission\xe2\x80\x99s network drives and e-mail from a\nnon-Commission computer.\n8\n  FPC 65, June 15, 2004, page 7.\n9\n  We were told that the Commission backs up various electronic records such as network drives\nand systems such as EDGAR. However, we did not conduct detailed audit testing to confirm the\ncomprehensiveness and resiliency of OIT\xe2\x80\x99s backup program.\n10\n   SEC Regulation 7-7 (May 8, 1996) established and \xe2\x80\x9cprovides guidance and instructions for\nimplementing the SEC\xe2\x80\x99s VRP [Vital Records Program].\xe2\x80\x9d\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                                  APRIL 21, 2006\n\x0c                                                                                         10\n\n\nTESTS, TRAINING AND EXERCISES\n\nFPC 65 states, \xe2\x80\x9cAll agencies must plan, conduct, and document periodic tests,\ntraining, and exercises to demonstrate the [COOP] plan\xe2\x80\x99s viability and identify\ndeficiencies. Deficiencies and actions taken to correct them must be documented.\xe2\x80\x9d 11\nTests\nFPC 65 requires agency testing to include quarterly testing of COOP alert,\nactivation and notification procedures. 12 This testing consists of calling or sending\nan e-mail to all essential employees\xe2\x80\x99 communications devices (telephones,\ncomputers, e-mail, Blackberries, etc.) and ensuring the employees received the\nmessage. This test has not been performed. OED is now testing a new emergency\nnotification system with its essential employee workforce.\n          Recommendation L\n          OED, in consultation with the OC and OIT, should test the COOP alert,\n          activation and notification procedures on a quarterly basis.\nTraining and Exercise Program\nIn 2005, OAS staff devised draft computer-based COOP training slides. Once\napproved, OAS intends to have all Commission employees view the slides. OAS also\ncreated a draft \xe2\x80\x9ctable top\xe2\x80\x9d exercise for select essential Headquarters staff. In\nDecember 2005, OAS provided copies of these drafts to the OC, OED and OIT.\nCritiquing the draft training materials and developing a Commission-wide COOP\ntraining program will require considerable additional work. As a result, the draft\ncomputer-based training slides have not yet been administered to Commission staff\nand decisions have not yet been made regarding which staff should participate in the\ndraft table top exercise or how many and what type of table top exercises and other\nCOOP training to hold annually.\n          Recommendation M\n          The OC, in consultation with the OED and OIT, should ensure that the\n          appropriate continuity-related training is provided to Commission staff.\n          Recommendation N\n          OED should draft and submit a proposed schedule of annual COOP-related\n          training and exercises for Commission staff to OC for review and approval.\nField Office Training\nCurrently, COOP training and exercises focus on participation by headquarters\nstaff. Field office staff suggested that the following training would be useful to\nthem:\n           \xe2\x80\xa2 Training in CPR, First Aid, Shelter-in-Place and the use of an\n               automatic external defibrillator (AED);\n           \xe2\x80\xa2 Participation in a mock COOP event;\n\n11\n     FPC 65, June 15, 2004, page 8.\n12\n     FPC 65, June 15, 2004, page I-1.\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                              APRIL 21, 2006\n\x0c                                                                                          11\n\n\n           \xe2\x80\xa2   Basic training involving relocation to a backup site;\n           \xe2\x80\xa2   Field office management\xe2\x80\x99s role in emergency planning and response;\n           \xe2\x80\xa2   Periodic meetings among all field office heads to discuss each other\xe2\x80\x99s\n               COOP plans (one meeting was planned for December 2005, then\n               canceled).\n\n\n       Recommendation O\n       In drafting the proposed schedule provided for in Recommendation N, OED\n       should consider field office training needs and include field office staff in\n       proposed COOP training exercises, as appropriate.\nCOOP Policies and Procedures\nThe Commission should develop policies and procedures delineating the roles of\nessential staff and describing how staff should perform essential functions at each\nstage of a COOP event (e.g., in the first hour, four hours, day, two days, etc.). Once\nthese policies and procedures are approved, appropriate staff training needs to take\nplace.\n\n       Recommendation P\n       The OED should prepare draft COOP policies and procedures, as described\n       above, for OC review and approval. The OED should ensure that the\n       appropriate training for essential staff is among the training included in the\n       proposed schedule produced under Recommendation N. The OC should\n       ensure that this training, once approved, is provided to essential staff.\n\n\nOCCUPANT EMERGENCY PLANS\nEmergency Supplies and Equipment\nEach Commission building (headquarters, the Operations Center, and the field\noffices) has an Occupant Emergency Plan (OEP). OAS provides guidance to all\nCommission organizations on setting up their OEPs. However, only OEP staff in\nStation Place and the Operations Center report to OAS. OEP staff in the field\noffices report to each field office head. We believe this contributes to disparities in\nOEPs.\nThere are limited supplies of emergency food (meals-ready-to eat or MREs) and\nbottled water at Station Place and the Operations Center. Five field offices (New\nYork, Boston, Philadelphia, Miami and Chicago) did not have emergency water\nsupplies and five field offices (New York, Boston, Philadelphia, Atlanta and Chicago)\ndid not have any MREs. Some offices plan to order these supplies, if such purchases\nare approved.\n\nThe OED and OAS believe it is each staff\xe2\x80\x99s personal responsibility to have their own\nemergency food and water, in the event of a prolonged stay in the building. This\ncould make it unnecessary for the Commission to purchase additional MREs and\nwater. However, no policy decision has been made regarding whether additional\npurchases of these items will be permitted.\n\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                               APRIL 21, 2006\n\x0c                                                                                       12\n\n\nStaff are responsible to ensure they have adequate supplies of medications, clothes,\nshoes, and other personal items.\n\n       Recommendation Q\n       OED should, after coordination with the OC, prescribe a Commission-wide\n       policy on whether additional Commission purchases of emergency food\n       (MREs) and bottled water should be made for Commission offices, including\n       field offices. OED should also periodically remind staffs (e.g, semi-annually\n       through an administrative notice) that it is their responsibility to have their\n       own supplies of medications, clothes, shoes, and other personal items\n       available in the event of a prolonged stay in the building or other\n       contingency.\n\nThe field offices\xe2\x80\x99 other emergency supplies such as blankets, radio, batteries,\ncommon area TVs, flashlights, first aid equipment, face masks and evacuation chairs\nfor handicapped varied by office.\n\n       Recommendation R\n       OAS should ensure that each Commission field office has sufficient\n       emergency supplies, as well as any emergency food and bottled water the\n       Commission may purchase under the policy adopted pursuant to\n       Recommendation Q.\n\nOnly three of the field offices (Denver, Salt Lake and San Francisco) have conducted\nshelter-in-place drills.\n       Recommendation S\n       In drafting the proposed schedule provided for in Recommendation N, OED\n       should work with each field office to determine its need for shelter-in place\n       drills and, in consultation with the head of each field office, ensure that\n       approved training and drills are conducted.\nEvacuation Meeting Spot Outside the Building\nEach division and office in Station Place has a designated meeting spot outside the\nbuilding for staff to convene in the event of a building evacuation. These locations\ncan be found on the Commission\xe2\x80\x99s Insider website as well the \xe2\x80\x9cWelcome Package\xe2\x80\x9d\nthat employees received when they moved into Station Place.\n\nDespite these resources, many individuals may still be unaware of the designated\nmeeting locations. OED and other offices\xe2\x80\x99 representatives are working to increase\nthe relevance and availability of evacuation information for Station Place employees.\n\n       Recommendation T\n       OED should remind Commission staff of the building evacuation meeting\n       locations. In doing so, OED should consider sending out periodic\n       administrative notices containing this information and posting the meeting\n       points in elevator lobbies and stairwells.\n\n\n\nCONTINUITY OF OPERATIONS PLANNING (AUDIT 413)                             APRIL 21, 2006\n\x0c'